SQL injection vulnerability in user.php in Banana Dance before B.1.5 allows remote malicious users to execute arbitrary SQL commands via the id parameter.
bananadance banana dance